On Fri, May 17, 2013 at 03:56:36PM +0200, Salvatore Bonaccorso wrote: > Package: libvirt > Version: 1.0.5-2 > Severity: grave > Tags: security upstream patch > > Hi, > > the following vulnerability was published for libvirt. > > CVE-2013-1962[0]: > DoS (max count of open files exhaustion) due sockets leak in the storage pool > > Upstream patch can be found at [1]. > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1962 > http://security-tracker.debian.org/tracker/CVE-2013-1962 > [1] > http://libvirt.org/git/?p=libvirt.git;a=commit;h=ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739 > > Only experimental version should be affected. Note, the serverity > grave might be a bit overrated in this case, so if you do not agree > please downgrade to important.
Just for the record: I double checked that oldstable/stable/sid aren't affected. Cheers, -- Guido > > Regards, > Salvatore > > _______________________________________________ > Pkg-libvirt-maintainers mailing list > pkg-libvirt-maintain...@lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-libvirt-maintainers > -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org